Spectre and Meltdown - how secure is your IT equipment?
Spectre and Meltdown - two newly-discovered computer vulnerabilities - have taken the IT industry by surprise. We routinely hear about new exploits that target weaknesses in our software, or in operating systems. But Spectre and Meltdown are weaknesses in the chipset itself. Meaning that pretty much anything using a computer chip could be at risk.
Meltdown affects only Intel chips. Spectre affects every modern microprocessor that uses what is known as 'speculative execution'. These processors work to predict what tasks may need to be performed next - and to do this they look at multiple areas of memory at the same time, in a way that is invisible to software. Apple have said that all iPhones, iPads and Mac computers are affected
So what should you do now?
The honest answer is that the industry is still finding that out - but there's one fact worth remembering. Believe it or not, these vulnerabilities are far from new. In fact they've been around for about the last twenty years. And in all that time they have never been exploited. Which may well be because an exploit of this kind is difficult - but not, necessarily, impossible.
If you're using a device that could be at risk (which could be pretty much any modern device) then be sure to download updates as soon as they become available. Any potential exploit will probably use a malware program, so it's also important to take care of the usual risks. That means keeping firewall and virus checking software up to date, and watching out for emails with attachments that could contain malicious code. Downloading apps? Then check that they come from a reputable supplier - which, in Apple's case, usually means one that's on the App Store. And watch out for malicious websites, too - as you should always do anyway.
If you're a larger enterprise you may have a bigger challenge. The potential risks are far greater if you run a business that handles a large amount of network traffic, and uses heavy-duty processing power. Examples might include a cloud provider, a large retail business, or a data-crunching medical system.
How do the exploits work?
In simple terms, Spectre and Meltdown have revealed a new kind of weakness in everyday programs. In normal use there are strict boundaries between one program and another, even if they're both running at the same time - unless you choose to share data between them. For example, you might well decide to copy part of a spreadsheet into your word-processing program as part of a report or a presentation.
By using Spectre and Meltdown a malicious program could - in theory - exploit a program available to any user to reach other parts of the computer memory. Including parts which would normally be secure. That could expose, for example, the tabs a user has open in their internet browser. Or, more worryingly, their passwords.
How good are the updates?
Like anything done in a hurry, the updates have had their problems. Microsoft's first updates don't always work with third-party software. Some customers reported machines that didn't come back online after the first update. And some updates - from Apple and Microsoft alike - have the side-effect of slowing down the system.
Problems of this kind are inevitable when the work has to be done at breakneck speed. And once a vulnerability is public knowledge, you can be sure the hackers are working equally hard to find ways of exploiting it.
In the long run, the only permanent solution will be a new generation of microchips. But - as ever - that will leave older equipment open to attack. And many businesses can't afford to update all their equipment on a regular basis.
And the good news?
By leasing your equipment rather than buying it, you can be sure of having the latest equipment - and, as they come into production, the latest chipsets. At Qube Leasing we also offer you the facility to upgrade after just two years.
So if you're concerned, why not give us a call on 0333 990 8080? Or, if you prefer, just send us an email. No pressure, and no obligation.